Introduction • jet. Blue • The need for systems that can be trusted • Embedding Privacy Policy into the applications that use Sensitive Information • Credit card machines

PII • You can still retain control • Expiration • Remote destruction with little effort by the corporation who has the data • Force privacy policies

Descartes (1641) • Meditations on First Philosophy • Can we trust our senses? • What if everything we experience is a delusion created by an evil demon bent on deceiving us?

The Matrix?

Interest • This is a question that has been weighing on Several computer companies • How do you know that your computer is actually what it seems? • Hackers and imitative programs • Sensitive information, keystrokes and complete control

Trust in other software • How can one program running on your computer trust another one? • What if the operating system has been subverted • Anti Virus • How would you warn the user?

Trust in you • Movie studios, recording companies, Health care providers [ legitimate right ] • Some information is given based on trust in you • Do you have control? • Real issues – – Viruses Trojans Spyware P 2 P networks

Implications • • Implications for a P 3 P client Alterations of policy Lack of enforcement Advantages of a trusted client and a trusted website component • Many implications on privacy of sensitive information

Trusted Platform Module (TPM) v 1. 1 • The TPM is a collection of hardware, firmware and/or software that support the following protocols and algorithms: Algorithms: RSA, SHA-1, HMAC Random number generation Key generation Self Tests • The TPM provides storage for an unlimited number of private keys or other data using RSA

PC Specific block diagram of TCG

Secure storage in TPM • Seal and Unseal which are simply front-ends to RSA encrypt and decrypt • But sealing encrypts the platform configuration register (PCR) values with the data. Unique identifier tpm. Proof. • Conditions for unsealing data – Appropriate key is available – TPM PCR’s must contain the same values as during sealing (implicit key in PCR’s) – tpm. Proof must be the same as during encryption • Allows software to state the future configuration the platform must be for unsealing.

Additional operation: Unbind • Unbind decrypts a “blob” created outside the TPM where the private key is stored inside the TPM. • A blob is data + header information encrypted. • Seal jet Blue customer data – Can only be decrypted on the same platform – Removes the possibility of data being accessed by different machines

Types of keys • Storage Root Key – one for each TPM created at the request of the owner, migratable, unmigratable data • Signing keys – leaves of the storage root key hierarchy • Storage keys – used for the protected storage hierarchy only and Binding keys • Identity keys – used for TPM identity • Endorsement key pair – asymmetric key pair generated by or inserted in the TPM as proof that it is genuine. – One to one relationship between TPM and endorsement key – One to one relationship between TPM and platform – Endorsement key and platform

Target of evaluation (TOE) • The new version of TCG will have TPM as a monitoring module and doesn’t actually control the boot process • Hardware, software and firmware that comprise the TPM • Identifies threats to the TOE: T. Attack, T. Bypass, T. Imperson, T. Malfunction etc…. • Each threat is explained and the objective is explained in the specification, eg. O. Attack • An example

T. Export • Threat description: A user or an attacker may export data without security attributes or with unsecure security attributes, causing the data exported to be erroneous and unusable, to allow erroneous data to be added or substituted for the original data, and/or to reveal secrets. • Objective (O. Export): When data are exported outside the TPM, the TOE shall ensure that the data security attributes being exported are unambiguously associated with the data. • Interesting use of “user or an attacker” here

T. Replay • Threat description: An unauthorized individual may gain access to the system and sensitive data through a “replay” or “man-in-the-middle” attack that allows the individual to capture identification and authentication data. • T. Replay is countered by O. Single_Auth, which states: The TOE shall provide a single use authentication mechanism and require re-authentication to prevent “replay” and “man-in-the-middle” attacks.

TPM Block diagram

Software • Palladium - After the mythological statue that defended ancient Athens against invaders • Microsoft has discontinued use of the code name "Palladium. " The new components being developed for the Microsoft® Windows® Operating System, are now referred to as the Next. Generation Secure Computing Base for Windows (NGSCB).

Next-Generation Secure Computing Base for Windows

NGSCB • Seal and Unseal explained • Nexus Computing Agents(NCA)

Microsoft on applications • Bryan Willman: Suppose you run a pharmacy company. When you test a new drug, of course it's bad if someone has a bad reaction to the drug, but it's much worse if someone tampers with that data so that your results are skewed. That means it's critical that all test data is entered accurately and no one tampers with it. NGSCB ensures that those files can't be breached or modified in any way. • Here's another example. If you and your doctor and your pharmacist are communicating about a medical condition you have, you want to be sure that the information you exchange is confidential and true. Today you probably wouldn't want to do that online from your home computer because with all that software that you and your kids have loaded onto it, somewhere along they way it may have picked up a virus or two, so there's no way to know for sure how safe your information is. With NGSCB you use the right-hand side, and no matter what is happening on the left-hand side, you can be sure that the data passed between you and your doctor and your pharmacist hasn't been tampered with. • Microsoft has a separate research area called Trustworthy Computing which is more towards what we define as “trust”

Memory Curtaining • Strong hardware enforced memory isolation • Programs are not able to read or write each others memory • Not even the OS • Intruders have no access • Implementation in hardware permits the greatest backward compatibility with existing software, which is a goal

Secure I/O • Key loggers, screen grabbers • Music and movie industry would like this a lot • It will allow programs to determine if the input came from a user or from a different program • Would take out the case of a virus taking over the output from Anti Virus software • Good for privacy of data

Secure Storage • • Similar to what we saw in the TCG specification Addresses the failure of PC’s to store keys securely No more. pwl’s How can they be stored so that it’s only accessible to legitimate users? Generates the key based on the software requesting the key and the platform that its running on at the time No need to store the key, as the key can simply be recreated when it is needed Imposes that sealed data can only be decrypted on one particular user platform + software combination Is this a good thing?

Do you have control? • Moving files from your computer • What if you don’t like Excel anymore • Exporting Data to a different application is very hard • Adversary is the owner • License fee’s • Upgrades/Downgrades • Do you have a choice?

Remote Attestation • Most revolutionary of the features • Aims to allow detection of unauthorized changes to Software • Others need to be able to tell if your system is “compromised” • Protect a computer against it’s owner • A cryptographic certificate of the software running • Remote party can say if the version of software has been altered • Windows XP, Warcraft • No more cheating in Network Games

Advantages • Each feature can be used to prevent or mitigate real attacks on computers • Coding flaws in one application will not result in private data being accessed by a different application • P 2 P client + MS Word • Does not stop you from running harmful programs, just contains the area it runs in • NGSCB itself will not inherently prevent a user from using a particular operating system or hardware • Spyware will become extinct (No more Gator!)

Problems • Risks of anti-competitive or anti-consumer behavior • Deliberate manufacturer mistakes in implementation – handled by open source? • Threat model supports that the owner is a threat • Attestation cannot differentiate between changes to software with owner’s consent and changes in software by unauthorized intruders • No legal backing to this, users have a legitimate right to reverse-engineer for improvement of a program • Third parties can compel you to choices which you wouldn’t have made otherwise

More problems • Websites that demand attestation • The user cant give an attestation that he’s using IE if he’s using Mozilla instead • MSN not serving webpages to non Microsoft browsers • Can be used to subject you to advertising (“approved client”) • Web servers/File servers that demand fees from client developers • Greatly increases costs of switching to rival software • Samba -> interoperable file system created through reverse engineering (Microsoft could permanently lock out Samba from Windows File servers)

Digital Rights Management • Microsoft and the TCG have made several attempts to say that Trusted Computing is not designed to enforce DRM • Easy for DRM enforcers to enforce policies on users • Trusted Computing maintains the rights of the owner of the document at all costs • Destroying documents (court order? ) • Privacy issues, back to the days when books could be burned • Attestation causes problems

Links between DRM and NGSCB • Curtaining prevents information in decrypted form from being copied • Secure output (no screen grabbing) • Sealed storage allows files to be stored so that only the DRM client that stored them can access them • Remote attestation makes sure only the above DRM client is run • Easy to implement DRM over NGSCB • Microsoft filed a patent for a DRM OS -> possible link here (same individuals involved)

Computer User as Adversary • • Seth Schoen of the Electronic Frontier Foundation A possible solution: Owner override The owner can attest anything Takes away some of the advantages but we still have a free world! Will opt-in be real? Trusted computing aims to enable others to trust your computer Is this relavent? Movies released with remote attestation

Troubling implications • Just a way for Microsoft to make sure pirated software wont run? • Switch off all the computers in China? • Remote control • Deleting pirated music • Digital objects created under TC remain under ownership of the author, even if legal control has been handed to the user • Media Control

Related Legislation • Fritz Hollings (a) SHORT TITLE. -- This Act may be cited as the "Consumer Broadband Digital Television Promotion Act". SEC. 2. FINDINGS. The Congress finds: (1) The lack of high quality digital content continues to hinder consumer adoption of broadband Internet service and digital television products. (2) Owners of digital programming and content are increasingly reluctant to transmit their products unless digital media devices incorporate technologies that recognize and respond to content security measures designed to prevent theft. (3) Because digital content can be copied quickly, easily, and without degradation, digital programming and content owners face an exponentially increasing piracy threat in a digital age. ….

Hollings Bill (18) Piracy poses a substantial economic threat to America's content industries. (19) A solution to this problem is technologically feasible but will require government action, including a mandate to ensure its swift and ubiquitous adoption. (20) Providing a secure, protected environment for digital content should be accompanied by a preservation of legitimate consumer expectations regarding use of digital content in the home. (21) Secure technological protections should enable owners to disseminate digital content over the Internet without frustrating consumers' legitimate expectations to use that content in a legal manner. (22) Technologies used to protect digital content should facilitate legitimate home use of digital content. (23) Technologies used to protect digital content should facilitate individuals' ability to engage in legitimate use of digital content for educational or research purposes. Basic idea -> Digital Rights Management enforced! TCPA Mandated? Thankfully this Bill was not passed

Related Legislation • • Feinstein wanted DRM “This is Napster times 10” Shrek Paul Boutin – A little knowledge is a dangerous thing (in regard to the hollings bill) • The decision to play or not to play must be made by the content, not the player, DRM experts warn. It's tricky, but they'll get to it -- if the industry isn't forced to accept a compromise standard first.

Why TCG? • Controversial • All the manufactures involved in the process would profit greatly if the computer is accepted as a general entertainment platform for the home • Microsoft has been trying • The patents on DRM OS are remarkably similar to the current work on TCG • Implications on the GNU Public License (GPL)

Importance of Open Source • • User Invention Right to reverse engineering Controversial DMCA Are after purchase restrictions legal? – Cell phones that drain generic batteries – Printers that refuse to accept cartridges that have been refilled – Trusted Computing could add a few for computers here… • Sony would want our computers to behave like closed DVD players… do we want that?

Will it work for us? • jet. Blue, enforcing P 3 P • Yes. • Customers can even revoke information they submitted and that would be destroyed from the jet. Blue database • The trusted computing base will make it impossible to just copy data from one place to another • Is this a good corporate solution?

Limiting the Scope • If we can limit the scope of the initiative to personally identifiable information instead of programs in general…. • We have a good solution for the problem of sensitive information in a wired world • People can submit data with policy’s so that they will be destroyed on a later date • Should not be applied generally • Enron…

The Law and Economics of Reverse Engineering • Yale Law Journal (Pamela Samuelson and Suzanne Scotchmer)

Conclusion • As developed currently, “Trusted Computing” seriously challenges user privacy and freedom. • Programs that call home and report how they are being used would be a significant threat to privacy. • Reverse engineering and open source software can not coexist with the current model for Trusted Computing. • The current model thwarts invention and is more suitable as a basis for DRM (if we need that? ) • The concept of trust is based on others trusting your computing, not you trusting your computer. • This is a flawed concept.

Lessons • Some of the concepts in the TCG platform can be very useful in implementing effective privacy and security. • Certain features such as attestation should be removed from the specification or a user override feature should be provided for attestation • Not everything that is open source is good for you!